METHOD, APPARATUS, AND SYSTEM FOR SECURE DATA TRANSPORT

FIELD OF THE INVENTION

This invention relates generally to the field of data
transmission over computer networks and more particularly
to a universally adaptable server-side software system for
an automatically encrypted and decrypted, password
controlled secure transfer of data from a source host to a
destination host across any internetwork.

BACKGROUND OF THE INVENTION

In recent years, the widespread adoption of public
and private networks has modernised the manner in which
organizations communicate and conduct business. Advanced
networks provide an attractive medium for communication
and commerce because of their global reach, accessibility,
use of open standards, and ability to permit interactions
on a concurrent basis. Additionally, networks allow
businesses a user-friendly, low cost way to conduct a wide
variety of commercial functions electronically.

A computer network is basically a collection of
computers that are physically and logically connected
together to exchange data or "information." The network
may be a local area network, connected by short segments of
ethernet or to the same network hub, or a wide area network,
separated by a considerable distance. An internetwork is
a network of computer networks, of which the Internet is
commonly acknowledged as the largest.

The Internet is based on standard protocols that
allow computers to communicate with each other even if
using different software vendors, thus allowing anyone
with a computer easy accessibility to everything else
connected to the Internet world wide. As a result of this
global access, it is becoming increasingly useful for
businesses and individuals to transmit information via
networks and internetworks from one site to another.

The interconnected computers exchange information
using various services, for example, the World Wide Web
(WWW) and electronic mail. The WWW created a way for
computers in various locations to display text that
contained links to other files. The WWW service allows a
server computer system (Web server or Web site) to send
graphical Web pages of information to a remote client
computer system. The remote client computer system can
then display the Web pages.

In a standard e-mail system, a user's computer is 
connected to a provider of Internet services, and the 
user's computer provides an e-mail password when polling 
the provider's computer for new mail. The mail resides on 
the provider's computer in plain text form where it can be 
read by anyone. In both examples, the information, if 
unsecured, is replicated at many sites in the process of 
being transmitted to a destination site and thereby is 
made available to the public. 

Organizations are increasingly utilizing these 
networks to improve customer service and streamline
business communication through applications such as e- 
mail, messaging, remote access, intranet based 
applications, on-line support and supply chain 
applications. The very openness and accessibility that 
has stimulated the use of public and private networks has 
also driven the need for network security. 

Presently, to provide for a secure transfer of 
information, it may be encrypted at the sending host's end 
and decrypted at the receiver's end. Encryption 
algorithms transform written words and other kinds of 
messages so that they are unintelligible to unauthorized 
recipients. An authorized recipient can then transform 
the words or messages back into a message that is
perfectly understandable. Currently, there are two basic
kinds of encryption algorithms: (1) symmetric key
algorithms and (2) public key algorithms.

Symmetric (or private) key algorithms use the same 
key to encrypt and decrypt the message. Generally, they
are faster and easier to implement than public keys.
However, for two parties to securely exchange information,
those parties must first securely exchange an encryption
key. Examples of symmetric key algorithms include DES, 
DESX, Triple-DES, Blowfish, IDEA, RC2, RC4, and RC5. 

Public key algorithms use one key (public key) to
encrypt the message and another key (private key) to
decrypt it. The public key is made public and is used by
the sender to encrypt a message sent to the owner of the
public key; then the message can only be decrypted by the
person with the private key. Unfortunately, public keys 
are very slow, require authentication, and do not work 
well with large files. 

A third type of system is a hybrid of the public and 
private systems. The slower public key cryptography is 
used to exchange a random session key, which is then used
as the basis of a symmetric (private) key algorithm. The 
session key is used only for a single encryption session 
and is then discarded. Nearly all practical public key 
cryptography implementations in use today are actually 
hybrid systems. 

Finally, message digest functions are used in 
conjunction with public key cryptography. A message 
digest function generates a unique pattern of bits for a 
given input. The digest distills the information 
contained in a file into a single large number, typically 
128 and 256 bits in length. The digest value is computed 
in such a way that finding an input that will exactly
generate a given digest is computationally infeasible. 

Message digest algorithms are not used for encryption 
or decryption but for creation of digital signatures, 
message authentication codes (MAC), and the creation of
encryption keys from passphrases. For example, Pretty
Good Privacy (PGP) uses message digests to transform a
passphrase provided by a user into an encryption key that
is used for symmetric encryption. (PGP uses symmetric
encryption for its "conventional encryption" function as
well as to encrypt the user's private key.) A few digests
in use are HMAC, MD2, MD4, MD5, SHA, and SHA-1.

Working cryptographic systems can be divided into two 
categories: (1) programs and protocols that are used for
encryption of e-mail messages such as PGP and S/MIME and
(2) cryptographic systems used for providing
confidentiality, authentication, integrity, and
nonrepudiation in a network environment. The latter
requires real-time interplay between a client and a server
to work properly. Examples include Secure Socket Layer
(SSL), a general-purpose cryptographic protocol that can be
used with any TCP/IP service, and PCT, a transport layer
security protocol for use with TCP/IP service, S-HTTP,
SET, Cybercash, DNSSEC, IPsec, IPv6, Kerberos, and SSH.

Although the present means of securing the electric 
transfer of information provides a level of security, the 
security provided can be easily breached. Symmetric 
encryption algorithms are vulnerable to attack by (1) key 
search or brute force attacks, (2) cryptanalysis, and (3) 
systems-based attacks. First, in a key search, the cracker 
simply tries every possible key, one after another, until 
he/she is allowed into the system or the ciphertext is
decrypted. There is no way to defend against this, but a
128 bit key is highly resistant because of the large 
number of possible keys to be tried. 

Second, in cryptanalysis, the algorithm can be 
defeated by using a combination of sophisticated 
mathematics and computer power. Many encrypted messages 
can be deciphered without knowing the key. Finally, the
cryptographic system itself is attacked without actually
attacking the algorithm.

Public key algorithms are theoretically easier to 
attack than symmetric key algorithms because the attacker
has a copy of the public key that was used to encrypt the
message. Also, the message presumably identifies which
public key encryption algorithm was used to encrypt the
message. These attacks are (1) factoring attacks and (2)
algorithmic attacks. First, factoring attacks attempt to
derive a private key from its corresponding public key. 
This attack can be performed by factoring a number that is 
associated with the public key. 

Second, an algorithmic attack consists of finding a
fundamental flaw or weakness in the mathematical problem 
on which the encryption system is based. Although not 
often done, it has been accomplished. 

Message digest functions can be attacked by (1)
finding two messages (any two messages) that have the same
message digest and (2) given a particular message, finding a
second message that has the same message digest code.

Thus, what is needed is a system for securing the 
electronic transfer of information that circumvents 
decryption. Also needed is one system that can be used
for both e-mail and internet security. Finally, needed is
a widely available, user-friendly system for securing 
electronic transfer and storage of information. 


SUMMARY OF THE INVENTION 

The present invention provides a universally 
adaptable server-side software system designed to 
administrate access and facilitate virtually impregnable 
security for the delivery, storage, and sharing of 
documents and files utilizing any compatible network as a 
secure communications forum. 


In general, the instant invention is a method and
apparatus for encrypting data with either a random
automatic mode of encryption, and a client selected
private key, that does not travel with the document. The
method and apparatus writes the encryption algorithm
creating a packaged application. The encryption program
generates random sequences or encryption algorithms, with
respect to time sensitivity, to be used in the packaged
application that it creates. No two algorithms will ever
be the same.

In the basic embodiment, the client accesses the
server using a data-base authentication system requiring
User name and Password. Once access is granted, the
packaged application is sent to the client machine as a
temporary file to encrypt the files being sent or uploaded
to the server. The application package breaks the files
down into binary form, reads the binary form, and then
rewrites the data to the temporary file it created. On a
binary level, the code is rewritten and saved for transfer
in a file format only decodable by the end recipient.
Once this process is complete, the application packet then
sends the encrypted data to the server via SSL protocol
connection.

The data resides on the server waiting for an
intended recipient to download and unlock it. When file
retrieval is requested, the server authenticates the user
and password via a log-on system. Once access is granted,
the server generates a new application packet designed to
decrypt the file being requested, based on the original
encryption algorithm. The server retrieves its original
entry, sets into motion the sequence of creating a
decryption program, saves the generated program, and then
sends the application packet to the requesting client
machine.

The client machine receives the application packet to
decrypt the file from the server and a copy of the file to
be decrypted is downloaded. The application program now
runs the calculations it needs to decrypt the data with
the sequence it was given. The application program opens
the file, reads the binary data, and writes the data to a
new temporary file created for its reception. When the
file is decrypted, the program saves the file to a folder
specified by the recipient and then deletes itself
providing a secure transfer. Upon completion of the
transfer, the original encrypted file located on the
server can be deleted or retained for archival.

Accordingly, it is an objective of the instant 
invention to provide a method and apparatus that provides 
secure electronic transfer of information by using a 
random and automatic mode of encryption wherein no two 
algorithms are ever repeated. 

Still another objective of the instant invention is to
provide a method and apparatus that allows for secure data
transportation that encrypts at the 128 bit level,
transports and stores data encrypted, and decrypted only
to an authorized user.

A further objective of the instant invention is to
provide a basic level of security wherein data is
transported via an SSL protocol and automatically
encrypted. In this mode only an authorized user on a
network can decrypt data for review or modification.
Separately and in addition, a secure e-mail notification is
dispatched to the intended recipient(s) to inform them of
secure data waiting for retrieval.

Another objective of the instant invention is to provide
a heightened level of security wherein a private and
secondary key or digital file lock can be employed
providing a unique secondary data lock.

Still another objective of the instant invention is to
provide a client-side locking device or biometric
interface. In such a locking device, a retinal scanner,
finger print scanner, smart card reader or the like can be
implemented in order to send or retrieve information.

Yet another objective of the instant invention is to
provide virtually impregnable security for the delivery,
storage, and sharing of documents and files utilizing any
compatible network as a secure communications forum.

Other objects and advantages of this invention will
become apparent from the following description taken in
conjunction with the accompanying drawings wherein are set
forth, by way of illustration and example, certain
embodiments of this invention. The drawings constitute a
part of this specification and include exemplary
embodiments of the present invention and illustrate
various objects and features thereof.

BRIEF DESCRIPTION OF THE FIGURES

Figure 1 is a block diagram of the client file
encryption transfer request of the instant invention;

Figure 2 is a block diagram of the encryption
transfer;

Figure 3 is a block diagram of the recipient file
request; and

Figure 4 is a block diagram of the decryption
transfer.

DETAILED DESCRIPTION OF THE INVENTION

Although the invention will be described in terms of
a specific embodiment, it will be readily apparent to
those skilled in this art that various modifications,
rearrangements, and substitutions can be made without
departing from the spirit of the invention. The scope of
the invention is defined by the claims appended hereto.

Now, referring to Fig. 1, shown is a flow chart
depicting the steps required for encrypting data allowing
for secure transfer of electronic data. A client 10 opens
a web browser and accesses a qualified server 12 therein
requesting data transfer. The server 12 provides login
account qualifier data requiring either user name and a
password 14 or a biometric interface 16 such as a retinal
scanner, finger print scanner, smart card reader and the
like for the purpose of seeking data-base authentication
18. If login fails, the user has three attempts 20
before the account is locked 22 and the administrator and
the account holder 24 are alerted. Upon a successful login
26, a transfer request 28 is sent to the control program
on the server to open a transfer information page inquiry
page.

Referring now to Figure 2, when data is to be
transferred 30, an applet is compiled on the server and
sent to the client 32. The applet is a temporary file
allowing the client to select 34 the data files that are
to be transferred. The user adds the file(s) to be
transferred to the application window 46. If the user
account allows, the client has the option of entering, via
the keyboard, a secondary security key 36. It should be
noted that even if two separate people encrypted the exact
same file with the same key, they will have encrypted two
uniquely different sequences. If one attempts to "crack"
the application sequence, they would not be able to
decrypt it because each applet is embedded with a unique
encryption sequence. The encryption sequence generated is
added to the applet template and compiled 38 and
transferred to the server 40 with notification sent to the
recipient 42.

The applet breaks the code of the files down into its
binary form during execution. It reads the binary data
and then rewrites the data to the temporary file that was
previously created. The running program changes the
entire code sequence of the client file to a randomly
generated sequence specified by the particular and
customized applet. The sequence is also designed to
replace every other matching bit of binary code with a
unique string. Thus, with this method, an "a", for
example, will never be represented twice in the same file
structure. This is designed to deter the common method of
cracking encrypted code by repeated or pattern data. On
a binary level, the code is rewritten and saved for
transfer in a file format only decodable by the recipient.
The applet then sends the encrypted data to the server via
SSL protocol. Once the transfer is complete, the applet
deletes any trace of the file encrypted. With the
destruction of the applet, no two applications are ever
the same because each application contains its own
encryption sequence that cannot be replicated.

The encrypted data resides on the server 12 waiting
for an intended recipient to download and unlock it. This
creates the ability to maintain completely encrypted and
secure data archives. When file retrieval is requested by
a recipient, the server then accesses the original record
information of the sequence or algorithm that it
originally gave to the applet that the server created to
encrypt the file.

Now referring to Fig. 3, shown is the flow chart
depicting the steps for decrypting data for a secure
receipt of electronic data. A recipient 50 opens a web
browser and accesses a qualified server 12 therein
requesting data transfer. The server 12 provides login
account qualifier data requiring either user name and a
password 52 or a biometric interface 54 such as a retinal
scanner, finger print scanner, smart card reader and the
like for the purpose of seeking data-base authentication
56. If login fails, the user has three attempts 58
before the account is locked 60 and the administrator and
the account holder 62 are alerted.

If the login is successful, the server 12 depicts
those files available to the recipient 66. The recipient
chooses which file to retrieve and the server generates a
new applet designed to decrypt the file requested 69,
based on the original encryption sequence. The file is
retrieved 70 and stored in a temporary file. The program
now prompts the user for any secondary key 71 that was
originally entered by the sender. Once the key sets the
sequence, the applet calculates the sequence that was
originally written on the fly. The applet resumes
decryption with the new sequence of the temporary file
wherein decryption is executed 72 and the decrypted file
saved to a selection location. When the data decryption
is complete, the program saves the file 73 with original
extensions, to a folder specified by the recipient. Then
the applet deletes itself 74 and any data related to the
secure transfer. Upon completion of the transfer and
decryption process, the original encrypted file located on
the server can be triggered to be automatically deleted or
retained for manual deletion.
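
An added Go example, not code from the patent, of the transfer flow described above, using standard primitives in place of the patent's unspecified encryption sequence: a per-transfer random secret held in the server record is combined with a secondary key that never travels with the file. AES-256-GCM, the HMAC-SHA256 key derivation, and all function names and sample values are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewTransferSecret plays the role of the per-transfer sequence the server
// generates and keeps in its record (assumption: 32 random bytes).
func NewTransferSecret() ([]byte, error) {
	s := make([]byte, 32)
	_, err := rand.Read(s)
	return s, err
}

// fileKey mixes the server-held secret with the optional secondary key typed
// by the sender. The secondary key is never stored or transmitted. A
// human-chosen passphrase should first go through a slow KDF (not shown).
func fileKey(transferSecret, secondaryKey []byte) []byte {
	m := hmac.New(sha256.New, transferSecret)
	m.Write([]byte("file-key-v1"))
	m.Write(secondaryKey)
	return m.Sum(nil)
}

func newAEAD(transferSecret, secondaryKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fileKey(transferSecret, secondaryKey))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile is the upload side and returns nonce || ciphertext || tag.
// transferID is bound as associated data, so a stored blob cannot be
// served under a different transfer record.
func EncryptFile(transferID string, transferSecret, secondaryKey, plain []byte) ([]byte, error) {
	aead, err := newAEAD(transferSecret, secondaryKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, []byte(transferID)), nil
}

// DecryptFile is the download side: it needs the server record AND the
// secondary key, and fails closed if either is wrong or the blob changed.
func DecryptFile(transferID string, transferSecret, secondaryKey, blob []byte) ([]byte, error) {
	aead, err := newAEAD(transferSecret, secondaryKey)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(transferID))
}

func main() {
	// Constructed sample inputs.
	file := []byte("constructed sample file contents")
	key := []byte("constructed secondary key")
	s1, _ := NewTransferSecret()
	s2, _ := NewTransferSecret()
	a, _ := EncryptFile("transfer-1", s1, key, file)
	b, _ := EncryptFile("transfer-2", s2, key, file)
	fmt.Println("same file, same secondary key, equal ciphertext:", string(a) == string(b))
	_, err := DecryptFile("transfer-1", s1, nil, a)
	fmt.Println("server record alone decrypts:", err == nil)
	out, err := DecryptFile("transfer-1", s1, key, a)
	fmt.Printf("recipient with secondary key: %q (err=%v)\n", out, err)
}
```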

It is to be understood that while a certain form of
the invention is illustrated, it is not to be limited to
the specific form or arrangement of parts herein described
and shown. It will be apparent to those skilled in the
art that various changes may be made without departing
from the scope of the invention and the invention is not
to be considered limited to what is shown and described in
the specification and drawings.

CLAIMS

What is claimed is: 

Claim 1. A method of encrypting data for secure
transfer and storage of electronic data comprising the
steps of:

accessing a conventional web browser;

logging onto a qualified server and providing account
qualifier data;

reading a transfer information inquiry page upon
verification of account qualifier;

obtaining a first applet compiled on said server in
response to said inquiry page, said first applet used to
create a temporary file for the upload of data;

submitting a file for encryption to said applet;

encrypting said file and forming an encrypted data 
packet; 

forwarding said data packet to said qualified server 
for storage; 

providing a means for decrypting said encrypted data 
packet. 

Claim 2. The method according to claim 1 wherein 
said account qualifier is a user name and password. 

Claim 3. The method according to claim 1 wherein 
said account qualifier is a smart card reader. 

Claim 4. The method according to claim 1 wherein
said account qualifier is a biometric interface.

Claim 5. The method according to claim 4 wherein
said biometric interface is a retinal scanner.

Claim 6. The method according to claim 4 wherein
said biometric interface is a finger print scanner.

Claim 7. The method according to claim 1 including
the step of entering a secondary security key to said
applet.

Claim 8. The method according to claim 7, wherein
said secondary key is a digital file lock.

Claim 9. The method according to claim 1 including
the step of destroying said first applet.

Claim 10. The method according to claim 1 wherein a
recipient is notified of an encrypted data file by an
e-mail message sent via the open SSL protocol upon
submittal of said data packet to said server.

Claim 11. The method according to claim 1 wherein
said means for decrypting said encrypted data packet
comprising the steps of:

accessing a conventional web browser;

logging onto a qualified server and providing account
qualifier data;

reading a transfer information inquiry page upon
verification of account qualifier;

obtaining a second applet compiled on said server in
response to said inquiry page, said second applet used to
create a temporary file for the download of data;

submitting a file for decryption to said second
applet;

decrypting said file.

Claim 12. The method according to claim 10 wherein
said second applet is destroyed.

Claim 13. The method according to claim 1 wherein
said account qualifier is compared against a stored
database.

Claim 14. The method according to claim 1 said
encrypting of said file occurs during a transfer to said
server.

Claim 15. A method of encrypting data for secure 
transfer and storage of electronic data comprising the 
steps of: 

accessing a conventional web browser; 

logging onto a qualified server and providing account 
qualifier data; 

reading a transfer information inquiry page upon 
verification of account qualifier; 

obtaining a first applet compiled on said server in 
response to said inquiry page, said first applet used to 
create a temporary file for the upload of data; 

submitting a file for encryption to said applet; 

encrypting said file and forming an encrypted data 
packet; 

forwarding said data packet to said qualified server 
for storage and destroying said first applet; 

obtaining a second applet compiled on said server in
response to said inquiry page, said second applet used to 
create a temporary file for the download of said encrypted 
data; 

decrypting said file and destroying said second 
applet. 

Claim 16. The method according to claim 15 wherein
said account qualifier is a user name and password.

Claim 17. The method according to claim 15 wherein
said account qualifier is a smart card reader.

Claim 18. The method according to claim 15 wherein
said account qualifier is a biometric interface.

Claim 19. The method according to claim 18 wherein
said biometric interface is a retinal scanner.

Claim 20. The method according to claim 18 wherein
said biometric interface is a finger print scanner.

Claim 21. The method according to claim 15 including
the step of entering a secondary security key to said
applet.

Claim 22. The method according to claim 21, wherein
said secondary key is a digital file lock.

Claim 23. The method according to claim 15 wherein a
recipient is notified of an encrypted data file by an
e-mail message sent by SSL protocol upon submittal of said
data packet to said server.

Claim 24. A system for secure transfer, storage and
access of electronic data comprising:

a software system program residing on a server having
a login entry sequence, means for generating a program
for encrypting data selected by a sender to create a first
applet, said first applet used to create a temporary file
on said sender's computer for the upload of data to be
transferred forming an encrypted data file, means for
transporting and storing of said encrypted data file,
means for generating a second applet to retrieve and
decrypt said data file, said second applet allowing for
the downloading and decryption of said data file.

Claim 25. The system according to claim 24, wherein
said applets are controlled by a user name and password.

Claim 26. The system according to claim 24, wherein
said sender selects a secondary private key to layer said
encryption.

Claim 27. The system according to claim 26, wherein
said secondary key is a digital file lock.

Claim 28. The system according to claim 26, wherein
said secondary key biometric interface.

Claim 29. The system according to claim 24 wherein
the recipient is notified of an encrypted data file by an
e-mail message generated by said system and directed to
said recipient.

Claim 30. The system according to claim 29 wherein
said e-mail is sent by SSL protocol.